Administrator's Guide - Kerio Software Archive
Administrator's Guide - Kerio Software Archive Administrator's Guide - Kerio Software Archive
Kerio VPN If another DNS server than the DNS module in Kerio Control is used in the local network, use this option. DNS domain extension is also assigned to VPN clients. Domain extension specifies local domain. If the VPN client’s extension matches a local domain of the networks it connects to, it can use hostnames within this network (e.g. server). Otherwise, full name of the host including domain is required (e.g. server.company.local). DNS extension can be also resolved automatically or set manually: • Automatic resolution can be used in case that the host belongs to the Active Directory domain and/or in case that firewall users are authenticated in this domain (see chapter 16.1). • DNS domain must be specified in case that it is a Windows NT domain or a network without a domain, or in case that another domain extension is desirable (e.g. when multiple Active Directory are mapped). Note: DNS servers assigned by the VPN server will be used as primary/secondary DNS server(s) on the client host. This implies that all DNS queries from the client host will be sent to these servers. However, in most cases this kind of “redirection” has no side effects. Upon closing of the VPN connection, the original DNS configuration will be recovered. WINS configuration for VPN clients The WINS service is used for resolution of hostnames to IP addresses within Microsoft Windows networks. Assigning of a WINS server address then allows VPN clients browse in LAN hosts (Network Neighborhood / My Network Places). Figure 23.5 VPN server settings — specification of WINS servers for VPN clients 312
23.1 VPN Server Configuration Kerio Control can detect WINS servers either automatically (using its host configuration) or use specified addresses of primary or/and secondary WINS server(s). Automatic configuration can be used if you are sure that WINS servers on the Kerio Control host are set correctly. Advanced Options Figure 23.6 VPN server settings — server port and routes for VPN clients Listen on port The port on which the VPN server listens for incoming connections (both TCP and UDP protocols are used). The port 4090 is set as default (under usual circumstances it is not necessary to switch to another port). Note: 1. If the VPN server is already running, all VPN clients will be automatically disconnected during the port change. 2. If it is not possible to run the VPN server at the specified port (the port is used by another service), the following error will be reported in the Error log (see chapter 22.8) upon clicking on the Apply button: (4103:10048) Socket error: Unable to bind socket for service to port 4090. (5002) Failed to start service "VPN" bound to address 192.168.1.1. 313
- Page 261 and 262: 19.2 Network connections overview F
- Page 263 and 264: 19.4 Alerts • Session duration.
- Page 265 and 266: 19.4 Alerts • Connection failover
- Page 267 and 268: 19.4 Alerts Click an event to view
- Page 269 and 270: 20.1 Volume of transferred data and
- Page 271 and 272: 20.2 Interface statistics Figure 20
- Page 273 and 274: 20.2 Interface statistics Figure 20
- Page 275 and 276: 21.1 Monitoring and storage of stat
- Page 277 and 278: 21.2 Settings for statistics and qu
- Page 279 and 280: 21.3 Connection to StaR and viewing
- Page 281 and 282: 21.3 Connection to StaR and viewing
- Page 283 and 284: 22.1 Log settings Figure 22.1 Log s
- Page 285 and 286: 22.1 Log settings Figure 22.3 Syslo
- Page 287 and 288: 22.2 Logs Context Menu • Target f
- Page 289 and 290: 22.3 Alert Log Figure 22.7 Highligh
- Page 291 and 292: 22.5 Connection Log A typical examp
- Page 293 and 294: 22.6 Debug Log The expression must
- Page 295 and 296: 22.7 Dial Log 3. Disconnection caus
- Page 297 and 298: 22.9 Filter Log • 8000-8099 — H
- Page 299 and 300: 22.10 Http log Packet log example:
- Page 301 and 302: 22.11 Security Log An example of Ht
- Page 303 and 304: 22.11 Security Log Example: [17/Jul
- Page 305 and 306: 22.13 Warning Log Events causing di
- Page 307 and 308: Chapter 23 Kerio VPN Kerio Control
- Page 309 and 310: 23.1 VPN Server Configuration Figur
- Page 311: 23.1 VPN Server Configuration the V
- Page 315 and 316: 23.3 Interconnection of two private
- Page 317 and 318: 23.3 Interconnection of two private
- Page 319 and 320: 23.3 Interconnection of two private
- Page 321 and 322: 23.4 Exchange of routing informatio
- Page 323 and 324: 23.5 Example of Kerio VPN configura
- Page 325 and 326: 23.5 Example of Kerio VPN configura
- Page 327 and 328: 23.5 Example of Kerio VPN configura
- Page 329 and 330: 23.5 Example of Kerio VPN configura
- Page 331 and 332: 23.5 Example of Kerio VPN configura
- Page 333 and 334: 23.5 Example of Kerio VPN configura
- Page 335 and 336: 23.6 Example of a more complex Keri
- Page 337 and 338: 23.6 Example of a more complex Keri
- Page 339 and 340: 23.6 Example of a more complex Keri
- Page 341 and 342: 23.6 Example of a more complex Keri
- Page 343 and 344: 23.6 Example of a more complex Keri
- Page 345 and 346: 23.6 Example of a more complex Keri
- Page 347 and 348: 23.6 Example of a more complex Keri
- Page 349 and 350: 23.6 Example of a more complex Keri
- Page 351 and 352: 23.6 Example of a more complex Keri
- Page 353 and 354: 23.6 Example of a more complex Keri
- Page 355 and 356: 23.6 Example of a more complex Keri
- Page 357 and 358: 23.6 Example of a more complex Keri
- Page 359 and 360: 23.6 Example of a more complex Keri
- Page 361 and 362: 24.1 Kerio Control SSL-VPN configur
<strong>Kerio</strong> VPN<br />
If another DNS server than the DNS module in <strong>Kerio</strong> Control is used in the local<br />
network, use this option.<br />
DNS domain extension is also assigned to VPN clients. Domain extension specifies local<br />
domain. If the VPN client’s extension matches a local domain of the networks it connects<br />
to, it can use hostnames within this network (e.g. server). Otherwise, full name of the host<br />
including domain is required (e.g. server.company.local).<br />
DNS extension can be also resolved automatically or set manually:<br />
• Automatic resolution can be used in case that the host belongs to the Active Directory<br />
domain and/or in case that firewall users are authenticated in this domain (see<br />
chapter 16.1).<br />
• DNS domain must be specified in case that it is a Windows NT domain or a network<br />
without a domain, or in case that another domain extension is desirable (e.g. when<br />
multiple Active Directory are mapped).<br />
Note: DNS servers assigned by the VPN server will be used as primary/secondary DNS server(s)<br />
on the client host. This implies that all DNS queries from the client host will be sent to these<br />
servers. However, in most cases this kind of “redirection” has no side effects. Upon closing of<br />
the VPN connection, the original DNS configuration will be recovered.<br />
WINS configuration for VPN clients<br />
The WINS service is used for resolution of hostnames to IP addresses within Microsoft Windows<br />
networks. Assigning of a WINS server address then allows VPN clients browse in LAN hosts<br />
(Network Neighborhood / My Network Places).<br />
Figure 23.5<br />
VPN server settings — specification of WINS servers for VPN clients<br />
312